Traditional cryptanalysis has focused predominantly on exploiting underlying algorithms and/or protocols used to encrypt data. Even though an encryption scheme may be theoretically secure, it still may be possible to decrypt data using information obtained regarding the execution of a cryptographic algorithm. Information obtained from the operation of a cryptographic device, such as a computer or smart card, that may be used to identify and/or deduce secret information is called side-channel leakage.
Many different techniques have been developed to obtain and exploit side-channel leakage including timing attacks, power attacks, and fault generation. In a timing attack, side-channel information regarding the time that it takes for an algorithm to execute on a device can be used to deduce secret information. By taking advantage of side-channel information regarding the length of time used to encrypt or decrypt data, an attacker may be able to use knowledge about the underlying algorithm to deduce secret information.
In a power attack, information regarding the power consumption of a device performing cryptographic operations may be used to determine secret information. By performing a statistical analysis of the electronic power consumption of a device performing a large number of cryptographic operations with the same key, an attacker may be able to deduce secret information.
In a fault generation attack, the normal operation of a device may be compared to the operation of the same device under fault conditions to deduce secret information. For example, physical faults may include temperature, radiation, physical stress, and voltage variations.
By exploiting side-channel leakage, an attacker may be able to compromise the security of cryptographic devices even though the underlying algorithms and protocols used by those devices are theoretically secure.